Bug 176558 - stopping iptables hang system for a while
Summary: stopping iptables hang system for a while
Status: CLOSED CANTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Dave Jones
QA Contact: Brian Brock
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-12-26 12:15 UTC by Kaj J. Niemi
Modified: 2015-01-04 22:23 UTC (History)
2 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2005-12-27 22:29:28 UTC


Attachments (Terms of Use)

Description Kaj J. Niemi 2005-12-26 12:15:08 UTC
Description of problem:

Dec 26 15:13:44 localhost kernel: BUG: soft lockup detected on CPU#0!
Dec 26 15:13:44 localhost kernel:
Dec 26 15:13:44 localhost kernel: Pid: 3379, comm:             modprobe
Dec 26 15:13:44 localhost kernel: EIP: 0060:[<f8e8d1b8>] CPU: 0
Dec 26 15:13:44 localhost kernel: EIP is at ip_ct_iterate_cleanup+0x5c/0x68
[ip_conntrack]
Dec 26 15:13:44 localhost kernel:  EFLAGS: 00200246    Tainted: P      
(2.6.14-1.1786_FC5)
Dec 26 15:13:44 localhost kernel: EAX: df925f64 EBX: df925f64 ECX: df604f4c EDX:
ef7e7ab0
Dec 26 15:13:44 localhost kernel: ESI: df925eac EDI: 00000000 EBP: f8e8d2ae DS:
007b ES: 007b
Dec 26 15:13:44 localhost kernel: CR0: 8005003b CR2: 09e18aa0 CR3: 1f412000 CR4:
000006d0
Dec 26 15:13:44 localhost kernel:  [<f8e8d2ed>] ip_conntrack_cleanup+0x19/0x6a
[ip_conntrack]     [<f8e8b803>] init_or_cleanup+0x24b/0x24f [ip_conntrack]
Dec 26 15:13:44 localhost kernel:  [<c01309f7>] sys_delete_module+0x12d/0x16a  
  [<c014b6b7>] do_munmap+0xd0/0xe6
Dec 26 15:13:44 localhost kernel:  [<c0102d61>] syscall_call+0x7/0xb
Dec 26 15:13:44 localhost kernel: Removing netfilter NETLINK layer.

Version-Release number of selected component (if applicable):
kernel-2.6.14-1.1786_FC5.i686

How reproducible:
Pretty much always

Steps to Reproduce:
1. Use system normally
2. /sbin/service iptables stop (or restart)
3.
  
Actual results:
Hangs for a while or deadlocks completely

Expected results:
Shouldn't hang ;)

Additional info:
I had the Cisco VPN Client enabled when the latest hang happened but it happens
without cisco_ipsec as well.

/etc/sysconfig/iptables:
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p 50 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -p udp --sport 500 --dport 500 -j
ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -p udp --sport 4500 --dport 4500
-j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT

:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

# Allow all traffic in both directions through the VA adapter
-A INPUT -i cipsec0 -j ACCEPT
-A OUTPUT -o cipsec0 -j ACCEPT

COMMIT

Comment 1 Dave Jones 2005-12-27 22:29:28 UTC
please reopen with an untainted oops.



Note You need to log in before you can comment on or make changes to this bug.